AU-16.3: Disassociability

AU-16.3 · Disassociability

Control Description

Implement {{ insert: param, au-16.03_odp }} to disassociate individuals from audit information transmitted across organizational boundaries.

Impact Baselines

Security baselines where this control applies

Not in any baseline

Control Properties

SP800-53-enhancement

organization

Enhancement

Control Statement

The control requirements

Implement {{ insert: param, au-16.03_odp }} to disassociate individuals from audit information transmitted across organizational boundaries.

Supplemental Guidance

Preserving identities in audit trails could have privacy ramifications, such as enabling the tracking and profiling of individuals, but may not be operationally necessary. These risks could be further amplified when transmitting information across organizational boundaries. Implementing privacy-enhancing cryptographic techniques can disassociate individuals from audit information and reduce privacy risk while maintaining accountability.